Volume2: Online security: Your architectural requirements.

 In Connectikpeople we are very conscious regarding the online security stakes .Therefore we have decided via this series to highlight some convenient like to help you.

Some systems operate better in highly distributed environments, on large networks or in small environments. At Concord Hospital, one BigFix server manages 4,700 PCs and 400 servers, Starry says, although the system can scale to 250,000 endpoints. Colville agrees that a strength of BigFix is its scalability. "It can play in very large or very small organizations."

Meanwhile, at HPD, Jacob needed a system that could stretch across multiple distributed points. HPD was able to distribute Lumension servers in five boroughs in New York City, with the main server at the primary data center in downtown Manhattan. "Endpoints are able to pull from a distributed point that's the shortest hop away and sometimes even in the same building as the PCs are located," he says.

At Tamiyasu, Bradley liked the fact that Shavlik was "nimble and lightweight. Others are very enterprise-tailored," she says. "I couldn't dedicate the database and hardware resources required."

DON'T expect to "set it and forget it." According to Jacob, just because you hear the word "automation" doesn't mean you can click "enable" and let the system do the rest. In addition to creating a careful and thorough test methodology, "you have to tweak, control and plan deployments and do compatibility testing," he says. For instance, when you look at a report that shows a certain number of patches didn't get applied, you need to see why that happened and then redeploy them. At HDS, one engineer is a dedicated Lumension administrator, managing the deployments, tests, feedback and remediation actions, Jacob says. "I would say 30 percent to 40 percent of his time is devoted to the patch management process," he says. "It does require man-hours, as well as always keeping risk in perspective." 

DON'T overlook testing. The vendors perform some internal testing before bundling up and distributing patches. However, this is mainly focused on determining whether the patch breaks standard software and verifying that it does what it claims to do, Maiwald says. For example, Starry says, BigFix provides quality assurance on the patches before releasing them. "If a patch is issued on Patch Tuesday, it's in our hands by midnight or 1:00 a.m. or 2:00 a.m.," he says. Patch Tuesday is the second Tuesday of each month when Microsoft releases its patches.

This does not, however, take the place of regression testing you'll need to do on-site, Maiwald says. "The vendor doesn't test all the possible permutations of what is going to happen when it's applied." The stakes get higher as the environment grows. "It's one thing to push a patch out to 10 clients, but it's a bigger deal with 1,000 or 10,000," he says. Each enterprise needs to determine the level of testing required for different situations, Maiwald says, as well as the level of change management needed. From CSOOLINE.(image from istockphoto).